Improper File Control in Google App Engine Python SDK by Google
CVE-2011-4211

Currently unrated

Key Information:

Vendor: Google
Status: App Engine Python Sdk
Vendor: CVE Published:; 30 October 2011

Summary

A vulnerability exists in the FakeFile implementation of the Google App Engine Python SDK prior to version 1.5.4, which fails to properly restrict file opening. This lapse allows local users to circumvent access controls, potentially enabling the creation of arbitrary files through manipulated parameters. This incident poses significant risks by compromising file integrity and system security.

References

http://code.google.com/p/googleappengine/wiki/SdkReleaseN...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/71064

vdb-entryx_refsource_XF

http://blog.watchfire.com/files/googleappenginesdk.pdf

x_refsource_MISC

Timeline

Vulnerability published
Oct 30, 2011
Vulnerability Reserved
Oct 30, 2011